Cybercriminals are increasingly impersonating WHO and the UN

Research by British security software and hardware company Sophos found that coronavirus email scams tripled in the last week of March, and we can expect the volume to be increasing. Over 3% of global spam is related to coronavirus, with many of these fraudulent emails impersonating the World Health Organisation or even the United Nations.

Chester Wisniewski, Principal Research Scientist at Sophos, said:

“Cybercriminals are wasting no time in shifting their dirty, tried-and-true attack campaigns towards advantageous lures that prey on mounting virus fears. Criminals often dip a toe in the water when there is a new or sensational topic in the news.”

He detailed a case in which his company tracked an email pretending to come from a WHO address, purportedly giving health advice in an attachment. But after inspection, the text matched a previous spam campaign from “a familiar criminal.”

While most of these spam operations are used to get information from people, there are even more aggressive cybercriminals out there.

Threatening extortion campaigns are also being pursued. In these, messages over social media or email threaten to give the victim or the victim’s family coronavirus unless they pay up. With the amount of information online, and the procedures used to construct holistic user profiles based on miscellaneous knowledge, attackers can make it seem like they know everything about a victim just by giving a few details. This makes the attacker seem like they have the capacity to execute their threats, and inevitably, people end up being exploited.

Other more sophisticated scammers use HMRC or departmental logos and graphics to get information from consumers, offering spurious sums of money under the guise of lockdown or furlough relief. In the United States, there has been evidence of insurance scams, such as fake COVID-19 health insurance offered at competitive rates.

Scammers and con-artists are sensitive to the news cycle, trends and the current political or economic climate. They will often seem persuasive because what they claim will seem salient, despite the content having most likely been tweaked from a previous scam based on a different news item or trending phenomenon.

Do not let criminals make you take rash decisions over fear of current market turmoil.

If you have any questions about data protection, please contact us via email or call 01787 277742.

Harry Smithson, 10th April 2020